Active-active hierarchical key servers

ABSTRACT

In one embodiment, group member devices may be divided into at least one cluster, wherein each cluster includes a primary key server designated to synchronize with a master key server. Each cluster further includes at least one registration server configured to communicate with member devices in the group within the cluster and to synchronize with the primary key server.

BACKGROUND

1. Technical Field

The present disclosure relates to computer networking.

2. Description of the Related Art

Virtual Private Networks (VPNs) allow private subscribers (for example, employees of the same company) to communicate privately over public networks, such as the Internet. Cryptography enabled VPNs can be used to enable the subscribers to transfer confidential data over a private or publicly accessible network. Such VPN architectures can sometimes include a key server that manages the deployment of cryptographic information including group keys within the VPN to authorize VPN subscribers, or group members. As such, conventional key server protocols provide for various means of updating and distributing cryptographic information within the VPN.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example COOP payload format.

FIG. 2 illustrates an example COOP message format.

FIG. 3 illustrates an example system.

FIG. 4 illustrates an example method.

FIG. 5 illustrates another example method.

FIG. 6 illustrates another example method.

FIG. 7 illustrates an example simplified architecture of a switch.

DESCRIPTION OF EXAMPLE EMBODIMENTS Overview

In one embodiment, group member devices may be divided into at least one cluster, wherein each cluster includes a primary key server designated to synchronize with a master key server. Each cluster further includes at least one registration server configured to communicate with member devices in the group within the cluster and to synchronize with the primary key server.

Example Embodiments

In this application, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be obvious, however, to one skilled in the art, that the present invention may be practiced without some or all of these specific details. In other instances, well known process steps have not been described in detail in order to not obscure the present invention.

The components, process steps, and/or data structures described herein may be implemented using various types of operating systems, computing platforms, computer programs, and/or general purpose machines. In addition, those of ordinary skill in the art will recognize that devices of a less general purpose nature, such as hardwired devices, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), or the like, may also be used without departing from the scope and spirit of the inventive concepts disclosed herein. Embodiments wherein switches are used operating an internetwork operating system.

Group Encrypted Transport (GET) VPNs offer an efficient framework for any-to-any secured communication using group key VPN techniques. This framework allows for subscribers, also known as group members (GMs), to reside in geographically dispersed locations and securely communicate with each other. Customers including enterprises may prefer the GET VPN framework due to its any-to-any cryptographic nature.

Customer networks may span multiple countries and/or continents and may require multiple key servers distributed across the globe. One mechanism to accomplish this in GET VPN is for the GMs to register to a Key Server (KS) based a configured parameter such as the Key Server address. In the VPN network having more than one KS, the KSs may use a cooperative (COOP) protocol among themselves to elect one of the KSs as a primary KS (PKS). The PKS is then designated to generate and deliver cryptographic information, such as rekeys (updated keys) to all the GMs in the GET VPN. This, however, can be inefficient when dealing with geographically dispersed GMs. For example, a PKS in the United states may send cryptographic information to thousands of GMs all over the world.

In one embodiment, a registration key server (RKS), which is a server to which all GMs register, is made responsible for periodically sending out the cryptographic information to all the registrants. This reduces the load on the PKS.

In another embodiment, a hierarchical key server model is utilized that divides the GET VPN network into a plurality of smaller clusters. These clusters may be based on geographic location, such as content, country, state, etc. or based on other factors, such as company divisions or departments. Each cluster has key servers to handle GM registration as well as periodically deliver cryptographic information to the GMs within the cluster. The cryptographic information generation may be performed exclusively by the KS designated as topmost in the KS hierarchy (described in more detail below). The KS hierarchy may be maintained such that cryptographic (e.g., keying) information flows from the topmost KS hierarchical level to the bottommost hierarchical level before reaching the GMs

The hierarchical KS model may define the following types of KSs according to their roles. It should be noted that the names of the types of servers are solely for the purpose of differentiating between the key server types and should not be read in any way as limiting the functionality of any of the servers.

A registration key server (RKS) is defined as the KS that may be responsible for handling the GM registration as well as responsible for unicasting the keying information to the registered GMs. Thus, the RKS communicates with the GMs within a cluster. There may be multiple RKSs per cluster. The RKSs also synchronize with a primary key server. For purposes of this document, the term “synchronize” shall be construed to mean taking some action or actions to ensure that cryptographic information on one entity is identical to cryptographic information on another entity such as, for example, by copying updated cryptographic information from one entity to another.

A primary key server (PKS) is defined as the KS that may be responsible for synchronizing with the RKSs within a cluster as well as for communicating with PKSs in other clusters. There may be only one PKS per cluster. The PKS also synchronizes with a master key server.

A master key server (MKS) is the topmost key server in the hierarchy. It may be chosen by the PKSs and is responsible for generating the cryptographic information. There may be only one MKS per group. The MKS may synchronize with the PKSs.

The terms RKS, PKS, and MKS in no way imply that these components reside on separate or distinct physical devices. Indeed, it is possible to operate all three components on the same physical device. In one embodiment, however, each RKS operates on its own physical device as does each PKS. The MKS, however, is simply one of the PKSs that has been elected as the MKS.

Each KS may be identified by its cluster identifier, which may be an alphanumeric identifier. The cluster identifier may act as a global identifier to the KS and may be provisioned manually. This identifier may also be conveyed within the COOP message as depicted in the example COOP payload of FIG. 1. In one embodiment, the encoding of the cluster identifier may be performed as depicted in the example COOP message format of FIG. 2.

The PKS selection may be performed by the RKSs within a cluster. The RKSs may establish the initial COOP messages with the other RKSs within the same cluster. This may be performed by referencing the common cluster-identifier in the payload of the COOP messages. The RKSs may then synchronize information with the PKS of the same cluster. Each RKS may synchronize, via, for example, a COOP announce message), with only the PKS of the same cluster. Nevertheless, they may keep the IKE channels open with all other RKSs within the cluster.

The PKS may be the only KS eligible to communicate with any KS outside the cluster. This eligibility may be conveyed by setting a “primary” status field within the COOP message. The PKS may then honor the incoming COOP request only if the request is (1) from another PKS (as identified by the “primary” status field being set, along with a different cluster identifier); or (2) from an RKS inside the cluster (as identified by the request having the same cluster identifier as the PKS). If any KS other than a PKS receives an incoming OOP request that has a different cluster identifier and has the primary field set, then the KS may return the address of the PKS in its cluster as a response and close the IKE session. This allows the PKS to directly discover the PKSs in other clusters. For purposes of this document, the term “honoring” shall be construed to mean handling as a legitimate or otherwise relevant request or command, in contrast with, for example, rejecting or ignoring the request or command.

The PKSs of different clusters may select the MKS by communicating with each other using the COOP protocol. The MKS may then set a new flag within the COOP message to convey that it is the master. The MKS election may be based on various criteria different from the criteria used to elect a PKS. The MKS may set a new flag within the COOP message to convey that it is the master. The PKSs may then synchronize (via COOP announce messages) with only the MKS. However, they may keep IKE channels open with all other PKSes.

In one embodiment, PKS to MKS COOP messages may include the exchange of cryptographic information such as keying, group, and policy information and may exclude group member specific information. The MKS may maintain a database of all PKSs and their interests in receiving cryptographic information for different groups.

In one embodiment, during any RKS failure in a cluster, the PKS in that cluster may take the responsibility of the failed RKS (i.e., directly delivering the cryptographic information to the GMs that were registered with the failed RKS). If a PKS fails, then a new PKS may be elected within the cluster.

Various embodiments of the invention may therefore result in greatly improved scalability of key server deployment, reduction of the delay in primary key server selection, minimization of the number of keying messages traversing continental links, reduction of the number of IKE/COOP sessions in the GET-VPN network, and easing of network management.

FIG. 3 illustrates an example system. Clusters 300 a, 300 b, 300 c may comprise member devices that are divided into clusters by continent, here North America, Europe, and Asia respectively. The group member devices are shown as 302 a, 302 b, and 302 c. Within each cluster reside one or more registration key servers 304 a, 304 b, 304 c and a primary key server 306 a. The primary key servers 306 a, 306 b, 306 c may communicate with a master key server. In this embodiment, the master key server resides on the same machine as the primary key server 306 a. This is depicted by the bolding of the edges of primary key server 306 a whereas the edges of primary key servers 306 b and 306 c are left unbolded.

FIG. 4 illustrates an example method. This method describes a process that may be performed by a primary key server assigned to a cluster of group member devices. At 400, cryptographic information is received from a master key server. This cryptographic information may be included in a message in a cooperative protocol. It should be noted that other messages in the cooperative protocol may also be received. Upon receipt of a message in a cooperative protocol, the primary key server may honor the packet if the packet is from another primary key server or is from a registration key server within the cluster (as determined by examining if the message has a primary flag set and a cluster identifier matching the cluster identifier of the primary key server). At 402, at least one registration key server assigned to the cluster is determined. At 404, the cryptographic information is forwarded to at least one registration key server for distribution to the group member devices within the cluster.

FIG. 5 illustrates another example method. This method describes another process that may be performed by a primary key server assigned to a cluster of a group of member devices. At 500, the primary key server may select, in cooperation with primary key servers assigned to other clusters, a master key server to assign to the group member devices. At 502, the primary key server may learn of a failure of a registration key server assigned to the group member devices. This learning may occur in a number of different ways. In one embodiment, the primary key server may periodically “ping” the registration key servers to see if they are active. In another embodiment, the primary key server may be alerted by a registration key server that it is going to be inactive. At 504, the primary key server may take over the responsibilities of the failed registration key server.

FIG. 6 illustrates another example method. This method describes a process that may be performed by a registration key server assigned to a cluster of group member devices. At 600, a primary key server to assign to the cluster may be selected in cooperation with other registration key servers within the cluster. At 602, a message is received. This message may be in a cooperative protocol. At 604, it is determined if the message is received from a primary key server. At 606, it is determined if the message contains a cluster identifier corresponding to the cluster. If the message is received from a primary key server but the message does not contain a cluster identifier corresponding to the cluster, then at 608 an address of a primary key server associated with the cluster may be returned. If the message is received from a primary key server and the message does contain a cluster identifier corresponding to the cluster, then at 610 cryptographic information is forwarded from the message to the at least one group member device.

FIG. 7 illustrates another example method. This method describes a process that may be performed by a master key server. At 700, first cryptographic information is generated. At 702, second cryptographic information is generated. At 704, a database may be accessed to retrieve information regarding a first and second cluster of group member devices, first and second primary key servers, and indications that the first and/or second primary key servers are interested in receiving cryptographic information. At 704, the first cryptographic information is synchronized with the first primary key server assigned to the first cluster of group member devices. At 706, the second cryptographic information is synchronized with the second primary key server assigned to the second cluster of group member devices.

FIG. 8 illustrates a simplified architecture of a switch 800. Switch 800 includes N line cards, each of which characterized by an ingress side (or input) 805 and an egress side (or output) 825. Line card ingress sides 805 are connected via switching fabric 850, which includes a crossbar in this example, to line card egress sides 825. In this embodiment, one or more line cards performs one or more of the processes described above.

Although illustrative embodiments and applications of this invention are shown and described herein, many variations and modifications are possible which remain within the concept, scope, and spirit of the invention, and these variations would become clear to those of ordinary skill in the art after perusal of this application. Accordingly, the embodiments described are to be considered as illustrative and not restrictive, and the invention is not to be limited to the details given herein, but may be modified within the scope and equivalents of the appended claims. 

1. A system comprising: a master key server; at least one cluster, wherein each cluster includes: a group of one or more member devices; a primary key server designated to synchronize with the master key server; and at least one registration server configured to communicate with member devices in the group and to synchronize with the primary key server.
 2. The system of claim 1, wherein the registration key server is designated to handle group member device registration and delivery of cryptographic information to registered group member devices.
 3. The system of claim 1, wherein the primary key server is designated by the at least one registration servers.
 4. The system of claim 1, wherein the master key server is designated by the primary key servers.
 5. The system of claim 1, wherein the master key server is configured to generate cryptographic information and to synchronize the cryptographic information with the primary key server within the at least one cluster.
 6. The system of claim 1, wherein a cluster is assigned a cluster identifier and the at least one registration server and primary key server within the cluster are further configured to insert the cluster identifier in their communications.
 7. The system of claim 1, wherein synchronization between the master key server and the primary key server excludes the transfer of any group member device specific information.
 8. The system of claim 1, wherein the master key server is further configured to maintain a database of all primary key servers and their interest in cryptographic information for the group.
 9. A method comprising: receiving, at a primary key server assigned to a cluster of group member devices, cryptographic information from a master key server; determining at least one registration key server assigned to the cluster; and forwarding the cryptographic information to at least one registration key server for distribution to the group member devices within the cluster.
 10. The method of claim 9, further comprising: receiving, at the primary key server, a message in a cooperative protocol; honoring the message if the message is from another primary key server or is from a registration key server within the cluster.
 11. The method of claim 10, wherein the primary key server determines that the message is from another primary key server by determining if the message has a primary flag set and examining a cluster identifier encoded in the message.
 12. The method of claim 10, wherein the primary key server determines that the message is from a registration key server assigned to the group member devices in the cluster by examining a cluster identifier for the message.
 13. The method of claim 9, further comprising: selecting, in cooperation with primary key servers assigned to other clusters, a master key server to assign to the group member devices.
 14. The method of claim 9, further comprising: learning of a failure of a registration key server assigned to group member devices within the cluster; and taking over, by the primary key server, responsibilities of the failed registration key server.
 15. A method comprising: receiving, at a registration key server assigned to at least one group member device within a cluster, a message; determining whether to forward cryptographic information from the message to the at least one group member device according to whether the message is received from a a primary key server and whether the message contains a cluster identifier corresponding to the cluster.
 16. The method of claim 15, further comprising: returning an address of a primary key server associated with the cluster if the message is received from a primary key server but the message does not contain a cluster identifier corresponding to the cluster.
 17. The method of claim 15, further comprising: selecting, in cooperation with other registration key servers within the cluster, a primary key server to assign to the cluster.
 18. A method comprising: generating, at a master key server, first cryptographic information; generating, at the master key server, second cryptographic information; synchronizing the first cryptographic information with a first primary key server assigned to a first cluster of group member devices; and synchronizing the second cryptographic information with a second primary key server assigned to a second cluster of group member devices.
 19. The method of claim 18, wherein the first cryptographic information is rekey information.
 20. The method of claim 18, further comprising: accessing a database containing information regarding the first cluster of group member devices, the first primary key server, and an indication that the first primary key server is interested in receiving cryptographic information for the first cluster of group member devices.
 21. A switch comprising: one or more line cards, wherein at least one of the one or more line cards is configured to: receive, at a primary key server assigned to a cluster of group member devices, cryptographic information from a master key server; determine at least one registration key server assigned to the cluster; and forward the cryptographic information to at least one registration key server for distribution to the group member devices within the cluster.
 22. A switch comprising: one or more line cards, wherein at least one of the one or more line cards is configured to: receive, at a registration key server assigned to at least one group member device within a cluster, a message; determine if the message is received from a primary key server and if the message contains a cluster identifier corresponding to the cluster; and forward cryptographic information from the message to the at least one group member device if the message is received from a primary key server and if the message contains a cluster identifier corresponding to the cluster.
 23. A switch comprising: one or more line cards, wherein at least one of the one or more line cards is configured to: generate, at a master key server, first cryptographic information; generate, at the master key server, second cryptographic information; synchronize the first cryptographic information with a first primary key server assigned to a first cluster of group member devices; and synchronize the second cryptographic information with a second primary key server assigned to a second cluster of group member devices. 